Abstract. To model Web services handling data from an infinite domain, or
with multiple sessions, we introduce fresh-variable automata, a
simple extension of finite-state automata in which some transitions are 
labeled with variables that can be refreshed in some specified states. We 
prove several closure properties for this class of automata and study their 
decision problems. We then introduce a notion of simulation that enables 
us to reduce the Web service composition problem to the construction of 
a simulation of a target service by the asynchronous product of existing 
services, and prove that this construction is computable. 

1 Introduction 

Service Oriented Architectures (SOA) consider services as platform-independent
elementary components that can be published, invoked over a network and 
loosely-coupled with other services through standardized XML protocols in order 
to dynamically build complex distributed applications [T]. This flexible ability 
to compose applications can be viewed as a motto for SOA. 

Service composition has been addressed in many works (e.g. [1615141111913] ).
One of the most successful approaches to composition amounts to abstracting
services as finite-state automata (FA) and applying available tools from automata
theory to synthesize a new service satisfying the given client requests from an
existing community of services |5l4ll3j .

However FA models are too abstract for handling data values ranging over
unbounded domains, such as integer parameters of procedures or strings attached
to XML documents leaves. This limitation has motivated several extensions of
automata for dealing with infinite alphabets. A noticeable one is finite-memory
automata (FMA) proposed by Kaminski and Francez [12], studied and compared
with pebble automata in [14]. FMA have been extended to data automata
(e.g. |8I7I17) ) that have better connections with logic while keeping good
decidability properties. Basically FMA can only remember a bounded number of
previously read symbols. For instance, they can recognize the language of words
where some data value occurs an even number of times. Our work is related to
variable automata, a simple extension of FA introduced by [10]. In this approach
some automata transitions are labelled by variables that can get values from an
infinite alphabet. The model in [10] allows one to keep a natural definition for
runs and to obtain simple procedures for membership and non-emptiness.



However it is not obvious whether the automata-based approach to service 
composition (e.g. |5I13| ) can still be applied with infinite alphabets. Our objec- 
tive is to define a class of automata on infinite alphabets which is well-adapted 
to specification and composition of services and to study its properties. 

Contributions. In this paper we consider the service composition problem as
stated in [5]: given a client and a community of available services, synthesize
a composition, i.e. a suitable function that delegates actions requested by the
client to the available services in the community. This problem amounts to showing
( |6I13) ) that there exists a simulation relation between the target service
(specifying an expected service behaviour for satisfying the client requests) and the
asynchronous product of the available services. If a simulation relation exists
then it can be easily used to generate an orchestrator, that is a function that
selects at each step an available service for executing an action requested by the
client. In order to head for real-world applications where service actions are
parameterized by terms built with data taken from infinite alphabets (identifiers,
codes, addresses ...), we introduce an extension of FA called Fresh-Variable
Automata (FVA) where some transitions are labelled by variables that can be
assigned the read letter. A variable binding can be released at some states: in
that case we say that the variable is refreshed. This mechanism is natural to
express iteration processes, for instance when a service has to scan a list of item
identifiers, or sessions. Note that our freshness notion differs from the one in [18].
We have established closure properties of FVA for union, intersection,
concatenation and Kleene operator. We have shown that universality is decidable. Our
main result is the decidability of the service composition problem for FVA. This
gives a non-trivial extension of [3] that we illustrate with a natural example.

Related work. The related formalism of variable automata [10] was proposed as
another simple extension of FA to infinite alphabets. The variables of variable
automata are assigned at most once a value in a run, except for a special free
variable that can get a value that is different from the other variables. This is not
convenient to model services where several variables are reused in each session.
[10] investigates closure properties of variable automata but does not consider
simulation relations. In fact, FVAs and variable automata are incomparable. A
well established model to handle infinite alphabets is FMA [12]. Although our
model is less expressive than FMAs, we believe that FVAs are simpler to handle
and to visualize, and they enjoy more decidable properties such as universality.

Several works deal with the problems of service composition and orchestration 
in different settings. In the Roman model [5], service composition was considered 
where the services are finite automata with no access to data. A logic-based ap- 
proach was devised in [15] to solve this problem where the agents have access to 
infinite data. The client and the services exhibit infinite-state behavior: the tran- 
sitions are labeled with guards over an infinite domain. In [5] the communication 
actions are performed through channels. Guards/conditions and constraints on 
the transitions have been introduced as well, e.g. [15]. Orchestration was studied
in [5] for services with linear behavior in presence of security constraints and
where the communication actions are arbitrary terms over a given signature. 

Paper organisation. Sec. [2] recalls standard notions. Sec. [3] introduces the new
class of FVAs. Sec. [4] studies FVAs, and shows in particular closure
properties and decidability of universality. Sec. [5] defines communicating FVAs, or
CFVAs for short, and introduces the notion of Σ-simulation. Sec. [6] shows that
Σ-simulation is decidable for CFVAs. Sec. [7] applies the results to service
synthesis problems. Final remarks and future works are given in Sec. [8].

2 Preliminaries 

Let $\mathcal{X}$ be a finite set of variables, $\Sigma$ an infinite alphabet of letters. A substitution
$\sigma$ is an idempotent mapping $\{x_1 \mapsto \alpha_1, \ldots, x_n \mapsto \alpha_n\} \cup \bigcup_{a \in \Sigma} \{a \mapsto a\}$ with
variables $x_1, \ldots, x_n$ in $\mathcal{X}$ and $\alpha_1, \ldots, \alpha_n$ in $\mathcal{X} \cup \Sigma$. We call $\{x_1, \ldots, x_n\}$ its proper
domain, and denote it by $dom(\sigma)$. We denote by $Dom(\sigma)$ the set $dom(\sigma) \cup \Sigma$.
If all the $\alpha_i$, $i = 1 \ldots n$ are letters then we say that $\sigma$ is ground. The empty
substitution (i.e., with an empty proper domain) is denoted by $\emptyset$. The set of the
substitutions from $\mathcal{X} \cup \Sigma$ to a set $A$ is denoted by $\zeta_{\mathcal{X},A}$, or by $\zeta_{\mathcal{X}}$, or simply
by $\zeta$ if there is no ambiguity. If $\sigma_1$ and $\sigma_2$ are substitutions that coincide on
the domain $dom(\sigma_1) \cap dom(\sigma_2)$, then $\sigma_1 \cup \sigma_2$ denotes their union in the usual
sense. We define the function $V : \Sigma \cup \mathcal{X} \to \mathcal{P}(\mathcal{X})$ by $V(\alpha) = \{\alpha\}$ if $\alpha \in \mathcal{X}$, and
$V(\alpha) = \emptyset$, otherwise. For a function $F : A \to B$, and $A' \subseteq A$, the restriction of
$F$ on $A'$ is denoted by $F|_{A'}$.

A two-players game is a tuple $\langle Pos_E, Pos_A, M, p^* \rangle$, where $Pos_E, Pos_A$ are
disjoint sets of positions: Eloise's positions and Abelard's positions. $M \subseteq
(Pos_E \cup Pos_A) \times (Pos_E \cup Pos_A)$ is a set of moves, and $p^*$ is the starting position.
A strategy for the player Eloise is a function $\rho : Pos_E \to Pos_E \cup Pos_A$, such
that $(p, \rho(p)) \in M$ for all $p \in Pos_E$. A (possibly infinite) play $\pi = \langle p_1, p_2, \ldots \rangle$
follows a strategy $\rho$ for player Eloise iff $p_{i+1} = \rho(p_i)$ for all $i \in \mathbb{N}$ such that
$p_i \in Pos_E$. Let $W$ be a (possibly infinite) set of plays. A strategy $\rho$ is winning
for Eloise from a set $S \subseteq Pos_E \cup Pos_A$ according to $W$ iff every play starting
from a position in $S$ and following $\rho$ belongs to $W$.

3 Fresh-variable automata 

In this section we introduce the class of FVAs and illustrate it through simple ex- 
amples. This formalism extends finite-state automata with two features. Firstly, 
the transitions labels consist of letters and variables that can be assigned a value 
from an infinite alphabet domain. Secondly, at each state some of the variables 
are freed from their assignments: they can receive other values. 

A motivating example. We first motivate fresh-variable automata through an
example that illustrates a service composition problem. We have an e-commerce
Web site allowing customers to create shopping carts, search for items from
an infinite domain and add them to a shopping cart, see Figure 1. The main
issue is that the three agents CLIENT, CART and SEARCH exhibit an infinite-state
behavior involving sending and receiving messages ranging over a possibly
infinite set of terms. We emphasize that variable $y$ is refreshed (i.e. freed to get
a new value) when passing through the state $p_0$. In the same way variable $x$ is
refreshed at $p_1$, $z$ at $q_0$ and $u$ at $q_1$, and $w$ at respectively.

Fig. 1. The CART example (figure not reproduced; panels CLIENT and CART)



In this example, we ask whether the requests made by the client can be
answered by combining the services CART and SEARCH. In this section we consider
only automata in which the transitions are labeled by letters or variables. We
introduce the communication symbols !, ? for defining a simulation in Sec. [5].

Definition 1. A FVA is a tuple $A = \langle \Sigma, \mathcal{X}, Q, Q_0, \delta, F, \kappa \rangle$ where $\Sigma$ is an infinite
set of letters, $\mathcal{X}$ is a finite set of variables, $Q$ is a finite set of states, $Q_0 \subseteq Q$ is
a set of initial states, $\delta : Q \times (\Sigma \cup \mathcal{X}) \to 2^Q$ is a transition function with finite
domain, $F \subseteq Q$ is a set of accepting states, and $\kappa : \mathcal{X} \to 2^Q$ is the refreshing
function that associates to every variable the (possibly empty) set of states where
it is refreshed.

For a FVA $A$, we shall denote by $\Sigma_A$ the finite set of letters that appear in the
transition function of $A$. Variables in a FVA are considered up to renaming, and
we always assume that two FVAs have disjoint sets of variables.
The formal definition of configuration, run and recognized language follows.

Definition 2. Let $A = \langle \Sigma, \mathcal{X}, Q, Q_0, \delta, F, \kappa \rangle$ be a FVA. A configuration is a pair
$(q, M)$ where $q \in Q$ and $M : \mathcal{X} \to \Sigma$ is a substitution. We define a transition
relation over the configurations as follows: $(q_1, M_1) \xrightarrow{a} (q_2, M_2)$, where $a \in \Sigma$,
iff there exists a label $\alpha \in \Sigma \cup \mathcal{X}$ such that $q_2 \in \delta(q_1, \alpha)$, and either

(i) $\alpha \in Dom(M_1)$, $M_1(\alpha) = a$ and $M_2 = M_1|_D$, with $D = Dom(M_1) \setminus \kappa^{-1}(q_2)$,

or

(ii) $\alpha \in (\mathcal{X} \setminus Dom(M_1))$ and $M_2 = (M_1 \cup \{\alpha \mapsto a\})|_D$, with $D = (Dom(M_1) \cup \{\alpha\}) \setminus \kappa^{-1}(q_2)$.

A finite word $w = w_1 w_2 \cdots w_n \in \Sigma^*$ is recognized by $A$ iff there exists a run
$(q_0, M_0) \xrightarrow{w_1} (q_1, M_1) \xrightarrow{w_2} \ldots \xrightarrow{w_n} (q_n, M_n)$, such that $M_0 = \emptyset$, $q_0 \in Q_0$ and $q_n \in F$.
The set of words recognized by $A$ is denoted by $L(A)$.



[Figure: the FVAs A1 and A2 of Example 1 (not reproduced)]

We could define FVAs with ε-transitions too. We show in the Appendix that
FVAs with ε-transitions are equivalent to FVAs.

Example 1. Let $A_1$ and $A_2$ be the FVAs depicted on the right, where
$\kappa(x) = \{p_0\}$ and $\kappa(z) = \{q_0, q_1\}$. Then, $L(A_1)$ is the set of words
$a_1 a_1 a_2 a_2 \cdots a_n a_n$ for $n > 0$ and $a_i \in \Sigma$, and $L(A_2)$ is the set of
words in $\Sigma^*$, where some letter appears at least twice. We notice that $L(A_1)$
cannot be recognized by a variable automaton [10].
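
The run semantics of Definition 2 can be exercised directly. The following Python sketch is an added example, not code from the paper: it tracks the set of reachable configurations $(q, M)$ and applies cases (i) and (ii) plus the refresh at the target state. Since the figure is not reproduced here, the shape of $A_1$ (two states $p_0, p_1$ with $p_0 \xrightarrow{x} p_1 \xrightarrow{x} p_0$, $p_0$ initial and accepting) is an assumption chosen to match $L(A_1)$ and $\kappa(x) = \{p_0\}$; `make_session_service` and all sample words are constructed for illustration.

```python
"""FVA membership following Definition 2 (added example, not the authors' code)."""
from dataclasses import dataclass, field


@dataclass
class FVA:
    variables: set   # X: variable names (assumed not to clash with constant labels)
    initial: set     # Q0
    accepting: set   # F
    delta: dict      # (state, label) -> set of successor states
    kappa: dict = field(default_factory=dict)  # variable -> states where it is refreshed

    def refreshed_at(self, state):
        """kappa^{-1}(state): the variables released on entering `state`."""
        return {x for x, states in self.kappa.items() if state in states}

    def step(self, config, letter):
        """All configurations reachable from `config` by reading `letter`."""
        state, binding = config
        m1 = dict(binding)
        successors = set()
        for (src, label), targets in self.delta.items():
            if src != state:
                continue
            if label not in self.variables:
                # Constant label: every letter is in Dom(M) and M(a) = a.
                if label != letter:
                    continue
                m2 = m1
            elif label in m1:
                # Case (i): a bound variable must carry exactly this letter.
                if m1[label] != letter:
                    continue
                m2 = m1
            else:
                # Case (ii): a free variable is bound to the letter being read.
                m2 = {**m1, label: letter}
            for target in targets:
                released = self.refreshed_at(target)
                kept = frozenset((x, v) for x, v in m2.items() if x not in released)
                successors.add((target, kept))
        return successors

    def accepts(self, word):
        """Membership test over the set of reachable configurations."""
        configs = {(q, frozenset()) for q in self.initial}  # M0 is empty
        for letter in word:
            configs = {c2 for c in configs for c2 in self.step(c, letter)}
            if not configs:
                return False
        return any(state in self.accepting for state, _ in configs)


def make_a1(refresh=True):
    """Assumed shape of A1: p0 --x--> p1 --x--> p0, p0 initial and accepting."""
    return FVA(
        variables={"x"},
        initial={"p0"},
        accepting={"p0"},
        delta={("p0", "x"): {"p1"}, ("p1", "x"): {"p0"}},
        kappa={"x": {"p0"}} if refresh else {},
    )


def make_session_service():
    """Hypothetical service: the constant 'open', then a session id read twice."""
    return FVA(
        variables={"sid"},
        initial={"q0"},
        accepting={"q0"},
        delta={("q0", "open"): {"q1"}, ("q1", "sid"): {"q2"}, ("q2", "sid"): {"q0"}},
        kappa={"sid": {"q0"}},
    )


if __name__ == "__main__":
    paired = ["s-17", "s-17", "s-42", "s-42"]   # constructed session identifiers
    print(make_a1().accepts(paired))               # x is refreshed at p0
    print(make_a1(refresh=False).accepts(paired))  # x stays bound to "s-17"
    print(make_session_service().accepts(["open", "k1", "k1", "open", "k2", "k2"]))
```

Without the refresh at $p_0$ the same automaton only accepts repetitions of a single letter, and because a free variable matches any letter, the session service also accepts a word in which the identifier happens to be the letter `open`.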




4 Properties of FVAs 



We study in this section properties of FVAs and some basic decision problems. 



4.1 Closure properties 

FVAs with multiple labels. To prove the closure under intersection, we first
introduce a generalization of FVAs called n-FVAs where n is an integer. An n-FVA
has transitions labeled with n-tuples of labels. In this general setting 1-FVAs are
FVAs. We show next that n-FVAs and FVAs recognize the same languages.

Definition 3. An n-FVA, where $n \in \mathbb{N}^*$, is a tuple $A = \langle \Sigma, \mathcal{X}, Q, Q_0, \delta, F, \kappa \rangle$
which is defined like a FVA but for the transition function $\delta : Q \times (\Sigma \cup \mathcal{X})^n \to 2^Q$.

The configurations and runs of n-FVAs are defined as for FVAs, except that
the currently read letter $u \in \Sigma$ should match simultaneously with the n
components of its n-label for this transition to be fired, see Appendix B.1.

Theorem 1. For all n > 1, n-FVAs and FVAs are equivalent. 

Proof. We sketch a proof of the non-trivial direction in the case $n = 2$. The
general case follows directly by induction on $n$. Let $A = \langle \Sigma, \mathcal{X}, Q, Q_0, \delta, F, \kappa \rangle$
be a 2-FVA, and let us introduce $n_{\mathcal{X}} = |\mathcal{X}|$ and $n_\Sigma = |\Sigma_A|$, and assume
$\Sigma_A = \{a_1, \ldots, a_{n_\Sigma}\}$. Let $\Psi \subseteq \{1, \ldots, n_{\mathcal{X}} + n_\Sigma\}^{\Sigma_A \cup \mathcal{X}}$ be the set of functions
from $\Sigma_A \cup \mathcal{X}$ to $\{1, \ldots, n_{\mathcal{X}} + n_\Sigma\}$ such that for every $\psi \in \Psi$ we have $\psi(a_k) = k$.
Furthermore, given $D \subseteq \mathcal{X}$ and $\psi \in \Psi$, we let $\psi^D$ be the subset of $\Psi$ of functions
equal to $\psi$ on $(\Sigma_A \cup \mathcal{X}) \setminus D$. Finally, given a substitution $M \in \zeta_{\mathcal{X},\Sigma}$ we let $\Psi_M$
be the subset of $\Psi$ of functions $\psi$ such that, for all $x, y \in \Sigma_A \cup dom(M)$, we have
$M(x) = M(y)$ iff $\psi(x) = \psi(y)$. Let $A' = \langle \Sigma, \mathcal{X}, Q \times \Psi, Q_0 \times \Psi, F \times \Psi, \delta', \kappa' \rangle$
where the transition function $\delta'$ is defined as follows: for all $(q_0, \psi_0) \in Q'$ and
$\alpha, \beta \in \Sigma_A \cup \mathcal{X}$, $\delta'((q_0, \psi_0), (\alpha, \beta)) = \{ (q_1, \psi_1) \mid q_1 \in \delta(q_0, (\alpha, \beta))$ and $\psi_0(\alpha) =
\psi_0(\beta)$ and $\psi_1 \in \psi_0^{\kappa^{-1}(q_1)} \}$. Finally for $x \in \mathcal{X}$, we define $\kappa'(x) = \kappa(x) \times \Psi$. We
can prove that there exists a run $q_0, M_0 \to \ldots \to q_n, M_n$ in $A$ iff for
all $\psi_n \in \Psi_{M_n}$ there exists a run $(q_0, \psi_0), M_0 \to \ldots \to (q_n, \psi_n), M_n$
in $A'$. Thus, $A$ and $A'$ recognize the same language $L$. Finally, a 1-FVA $B$
recognizing the same language $L$ is constructed from $A'$ by mapping each integer
in $\psi(\mathcal{X} \cup \Sigma_A)$ to a variable or a constant. □

As shown by a language $L = \{a\}$, with $a \in \Sigma$, the complement of a
FVA(-recognizable) language is not necessarily FVA-recognizable. Note also that [10]
has neither considered Kleene operator nor the concatenation. The closure under
union is straightforward since we just take the disjoint union of the two FVAs.
The closure under Kleene operation and concatenation is a direct consequence
of the fact that FVAs with ε-transitions and FVAs are equivalent (Lemma [2]
in the Appendix). The closure under intersection is an immediate consequence
of Theorem 1 since the intersection of two FVAs amounts to computing their
Cartesian product, which is a 2-FVA. Thus we have the following theorem.

Theorem 2. FVAs are closed under union, concatenation, Kleene operator and 
intersection. 

4.2 Decision procedures for FVAs 

We study the decidability and complexity of classical decision problems:
Nonemptiness (given $A$, is $L(A) \neq \emptyset$?), Membership (given a word $w$ and $A$, is $w \in L(A)$?),
Universality (given $A$, is $L(A) = \Sigma^*$?), and Containment (given $A_1$ and $A_2$, is
$L(A_1) \subseteq L(A_2)$?).

Theorem 3. For FVAs, Nonemptiness is NL-complete, Membership is NP-com- 
plete, and Universality is decidable. 

Proof for Universality. We say a variable $x$ is free in a configuration $q, M$ if
$x \notin dom(M)$. Out of $A$ we construct a FVA $A'$ such that for every reachable
configuration $q', M$ on $A'$ every transition out of $q'$ is labeled with a variable
free in $q'$.

Claim 1. If $A$ is universal then for every $n > 0$ there exists a path of length $n$
from an initial state to a final state in which every transition is labeled with a
variable which is free in the source state of this transition.

Proof of the claim. By contradiction assume $A$ is universal but there exists
$n > 0$ such that every path of length $n$ from an initial state to a final state has
at least one transition over either a letter or an already bound variable. We note
that the word $w_1 \ldots w_n \in \Sigma^*$, in which $w_i \neq w_j$ for all $i \neq j$ and $w_i \notin \Sigma_A$, is
not recognized by $A$. This contradicts the universality of $A$. □

Assume $A = \langle \Sigma, \mathcal{X}, Q, Q_0, F, \delta, \kappa \rangle$ and let $A' = \langle \Sigma, \mathcal{X}, Q', Q'_0, F', \delta', \kappa' \rangle$ where:

$Q' = \{(q, X) \mid q \in Q \text{ and } X \subseteq \mathcal{X}\}$
$Q'_0 = \{(q, \mathcal{X}) \mid q \in Q_0\}$
$F' = \{(q, X) \mid q \in F \text{ and } X \subseteq \mathcal{X}\}$

and $(q', X') \in \delta'((q, X), x)$ if, and only if, $x \in X$ and $X' = (X \setminus \{x\}) \cup \kappa^{-1}(q')$,
and $\kappa'(x) = \{(q, X) \mid q \in \kappa(x)\}$.

Claim 2. There exists a run $q_0, M_0 \xrightarrow{x_1} \ldots \xrightarrow{x_n} q_n, M_n$ in $A$ in which for all $1 <
i < n$ we have $x_i \notin Dom(M_{i-1})$ if, and only if, there exists a run $(q_0, \mathcal{X}), M_0 \to
\ldots \to (q_n, X_n), M_n$ in $A'$ with $X_n = \mathcal{X} \setminus Dom(M_n)$.

Proof of the claim. By induction on $n$. Since $dom(M_0) = \emptyset$ the case $n = 0$ is
trivial. Assume the claim holds up to $n$. Let us prove the equivalence for $n + 1$.

($\Leftarrow$) Since $(q_{n+1}, X_{n+1}) \in \delta'((q_n, X_n), x_{n+1})$ by induction $x_{n+1} \notin Dom(M_n)$.
Thus $q_{n+1} \in \delta(q_n, x_{n+1})$ and $x_{n+1}$ is free at the state $q_n$ of the run. The
substitution $M_{n+1}$ obtained is as expected.

($\Rightarrow$) Assume a transition $q_n, M_n \to q_{n+1}, M_{n+1}$ is labeled with $x_{n+1} \notin Dom(M_n)$.
By induction $x_{n+1} \in X_n$, and thus $(q_{n+1}, X_{n+1}) \in \delta'((q_n, X_n), x_{n+1})$. □

Thus, for every run starting from an initial state and reaching a configuration
$(q, X), M$ the couple $(dom(M), X)$ is a partition of $\mathcal{X}$. Consequently each
transition of $A'$ is labeled with a variable which is free in every run reaching its source
state. Thus it suffices to prove that in $A'$, for every $n > 0$, there exists a path
from an initial state to a final state of length $n$. We reduce this problem to the
universality of the FA $A''$ on a unary alphabet $\{a\}$ obtained by replacing every
transition $q_1 \xrightarrow{x} q_2$ of $A'$ by the transition $q_1 \xrightarrow{a} q_2$, where $a$ is an arbitrary letter
in $\Sigma$. That is, we check whether $L(A'') = a^*$. □

□ 

We cannot check $L(A_1) \subseteq L(A_2)$ by intersecting $L(A_1)$ with $\Sigma^* \setminus L(A_2)$ since
the latter is not necessarily a FVA language even when $A_2$ is a FA. However
containment is decidable if one of the FVAs is a finite automaton, since in this
case the intersection of the languages is regular (Lemma [5] in the Appendix).

Theorem 4. The containment problems between a FVA and a FA are decidable. 

5 Games for the simulation of communicating FVAs 

To deal with service composition problems we need first to extend FVAs to the
communicating FVAs, or CFVA for short, where labels (letters or variables) are
prefixed by a communication symbol "!" or "?". Then we generalize the standard
FA simulation relation to a FVA simulation in order to formalize that a client
can be satisfied by an available service (when both are specified by a CFVA). A
client transition labeled by $!x$, where $x$ is not bound, should be simulated by a
service transition which is labeled by $?y$, where $y$ is not bound as well, since the
service should handle all instances of $x$. On the other hand, a client transition
labeled by $?x$, where $x$ is not bound, can be simulated by a service transition
labeled by any $!\alpha$. Hence, in order to define properly the simulation we should
take into account the refreshing of variables.

Definition of CFVAs. Formally, a CFVA is defined exactly like a FVA but for the
transition function $\delta : Q \times (\Sigma \cup \mathcal{X})^{!?} \to 2^Q$, where for a set $S$, $S^{!?}$ denotes the
set $\{!s, ?s \mid s \in S\}$. To simplify the presentation from now we shall only consider
CFVAs in which there is a unique initial state and all the states are accepting.
The definition of the simulation game for CFVAs follows.

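Definition 4. Let $A_1 = \langle \Sigma, \mathcal{X}_1, Q_1, q_0^1, \delta_1, F_1, \kappa_1 \rangle$ and $A_2 = \langle \Sigma, \mathcal{X}_2, Q_2, q_0^2, \delta_2, F_2, \kappa_2 \rangle$
be two CFVAs where $\mathcal{X}_1 \cap \mathcal{X}_2 = \emptyset$. Let $Pos$ be the set of positions reachable from
$p^* = ((\emptyset, q_0^1), (\emptyset, q_0^2))_A$ by the set of moves $M = M_A^? \cup M_A^! \cup M_E^? \cup M_E^!$, where:

$M_A^? = \{ ((\sigma_1, q_1), \wp_2)_A \to ((\sigma_1|_D, q_1'), \wp_2, (\sigma_1, ?\alpha))_E$
    $\mid q_1' \in \delta_1(q_1, ?\alpha)$ and $D = Dom(\sigma_1) \setminus \kappa_1^{-1}(q_1') \}$

$M_A^! = \{ ((\sigma_1, q_1), \wp_2)_A \to (((\sigma_1 \uplus \gamma)|_D, q_1'), \wp_2, (\gamma \uplus \sigma_1, !\alpha))_E$
    $\mid q_1' \in \delta_1(q_1, !\alpha)$
    and $D = Dom(\sigma_1 \uplus \gamma) \setminus \kappa_1^{-1}(q_1')$
    and $\gamma : V(\sigma_1(\alpha)) \to \Sigma \}$

$M_E^? = \{ (\wp_1, (\sigma_2, q_2), (\sigma_1, !\alpha))_E \to (\wp_1, ((\sigma_2 \uplus \sigma)|_D, q_2'))_A$
    $\mid q_2' \in \delta_2(q_2, ?\beta)$
    and $D = Dom(\sigma_2 \uplus \sigma) \setminus \kappa_2^{-1}(q_2')$
    and $\sigma(\sigma_2(\beta)) = \sigma_1(\alpha) \}$

$M_E^! = \{ ((\sigma_1, q_1), (\sigma_2, q_2), (\sigma_1', ?\alpha))_E \to (((\sigma_1 \uplus \sigma)|_{D_1}, q_1), ((\sigma_2 \uplus \gamma)|_{D_2}, q_2'))_A$
    $\mid q_2' \in \delta_2(q_2, !\beta)$
    and $D_1 = Dom(\sigma_1 \uplus \sigma) \setminus \kappa_1^{-1}(q_1)$,
    and $D_2 = Dom(\sigma_2 \uplus \gamma) \setminus \kappa_2^{-1}(q_2')$
    and $\sigma(\sigma_1'(\alpha)) = \gamma(\sigma_2(\beta))$
    and $\gamma : V(\sigma_2(\beta)) \to \Sigma \}$

where the moves in $M_E^? \cup M_E^!$ are w.r.t. any possible substitution $\sigma$.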

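We let $Pos_E = Pos \cap (\zeta_{\mathcal{X}_1} \times Q_1) \times (\zeta_{\mathcal{X}_2} \times Q_2) \times (\zeta_{\mathcal{X}_1} \times (\Sigma \cup \mathcal{X})^{!?})$ and
$Pos_A = Pos \cap (\zeta_{\mathcal{X}_1} \times Q_1) \times (\zeta_{\mathcal{X}_2} \times Q_2)$. The simulation game of $A_1$ by $A_2$,
denoted by $\mathcal{G}(A_1, A_2)$, is the two-players game $\langle Pos_E, Pos_A, M, p^* \rangle$. As usual,
any infinite play is winning for Eloise, and any finite play is losing for the
player who cannot move.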

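Definition 5. Let $A_1 = \langle \Sigma, \mathcal{X}_1, Q_1, q_0^1, \delta_1, F_1, \kappa_1 \rangle$ and $A_2 = \langle \Sigma, \mathcal{X}_2, Q_2, q_0^2, \delta_2, F_2, \kappa_2 \rangle$
be two CFVAs. There is a Σ-simulation of $A_1$ by $A_2$ iff Eloise has a winning
strategy in the game $\mathcal{G}(A_1, A_2)$, and we shall write $A_1 \preceq A_2$.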

Explanations of the rules of the game. The simulation game $\mathcal{G}(A_1, A_2)$ is played
between two players: Abelard ($\forall$ or attacker) and Eloise ($\exists$ or defender). Its
positions are either of the form $((\sigma_1, q_1), (\sigma_2, q_2))_A$ or $((\sigma_1, q_1), (\sigma_2, q_2), (\sigma, \alpha))_E$,
where $\sigma_1, \sigma_2, \sigma$ are ground substitutions, $q_1$ (resp. $q_2$) is a state of $A_1$ (resp.
$A_2$), and $\alpha$ is a message in $(\Sigma \cup \mathcal{X})^{!?}$. They correspond to Abelard positions (A)
or Eloise positions (E). The moves $M_A^?$ state that Abelard chooses a transition
$q_1 \xrightarrow{?\alpha} q_1'$ in $A_1$ and asks Eloise to match it. Consequently, all the variables
that must be refreshed in the resulting state $q_1'$ are released. The moves $M_A^!$
are the same as $M_A^?$ apart that they deal with a sending message $!\alpha$. In this
case, Abelard must first instantiate the variable in $!\alpha$ (if any) with a letter by
a ground substitution $\gamma$, then asks Eloise to match the message $\gamma(!\alpha)$. The
moves $M_E^?$ state that Eloise chooses a transition $q_2 \xrightarrow{?\beta} q_2'$ in $A_2$ to match the
message $\sigma_1(!\alpha)$. Indeed, she matches $\sigma_2(\beta)$ with $\sigma_1(\alpha)$ where $\sigma_2$ represents the
value of the variables in the state $q_2$. The resulting substitution $\sigma$ is stored in
the resulting state and all the variables that must be refreshed at $q_2'$ are
released. The moves $M_E^!$ are like $M_E^?$ except that Eloise must first instantiate
the possible variable of the sending message $\sigma_2(\beta)$ with a ground substitution $\gamma$.

Notice that for every Eloise position $((\sigma_1, q_1), (\sigma_2, q_2), (\sigma, \alpha))_E \in Pos_E$, the
substitutions $\sigma_1$ and $\sigma$ coincide on $dom(\sigma_1) \cap dom(\sigma)$. Notice also that the
simulation game might be infinite with possibly infinite branching since $\Sigma$ is infinite.

The Σ-simulation problem for CFVAs is the following: given two CFVAs $A_1$
and $A_2$, is $A_1 \preceq A_2$?

Example 2. Let $A$ and $B$ be the CFVAs depicted in Figure 2, where $\kappa(x) = \{p_1\}$
and $\kappa(y) = \{p_0\}$. One can show that $A \preceq B$.

Fig. 2. CFVAs $A$ and $B$ with $A \preceq B$, where $\kappa(x) = \{p_1\}$ and $\kappa(y) = \{p_0\}$.

6 On the decidability of the S-simulation problem 

In this section we show that the problem of Σ-simulation is decidable. The idea
is that this problem can be reduced to a Σ-simulation problem over the same
CFVAs in which the two players instantiate the variables from a finite set of
letters, as proven in Proposition 1.

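Definition 6. Let $A_1 = \langle \Sigma, \mathcal{X}_1, Q_1, q_0^1, \delta_1, F_1, \kappa_1 \rangle$ and $A_2 = \langle \Sigma, \mathcal{X}_2, Q_2, q_0^2, \delta_2,
F_2, \kappa_2 \rangle$ be two CFVAs. We define $\overline{\mathcal{G}}(A_1, A_2)$ to be the game obtained by
restricting the codomain of $\gamma$ to $C_0$ in the rules of Eloise $M_E^!$ and Abelard $M_A^!$ in
Def. 4, where $C_0 = \Sigma_{A_1} \cup \Sigma_{A_2} \cup (\mathcal{X}_1 \times \mathcal{X}_2) \cup (\mathcal{X}_2 \times \mathcal{X}_1)$.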

The following Lemma states an immediate property of the game $\overline{\mathcal{G}}$.

Lemma 1. Let $A_1, A_2$ be two CFVAs. Then, the game $\overline{\mathcal{G}}(A_1, A_2)$ is finite.

In order to prove Proposition 1 we need to introduce the notion of coherence
between substitutions and between game positions.

Definition 7. Let $C$ be a finite subset of $\Sigma$. The coherence relation $\bowtie_C \subseteq \zeta \times \zeta$
between substitutions is defined by $\bar{\sigma} \bowtie_C \sigma$ iff the three following conditions hold:

1. $dom(\bar{\sigma}) = dom(\sigma)$,

2. If $\bar{\sigma}(x) \in C$ then $\bar{\sigma}(x) = \sigma(x)$, and if $\sigma(x) \in C$, then $\bar{\sigma}(x) = \sigma(x)$, for any
variable $x \in dom(\sigma)$, and

3. for any variables $x, y \in dom(\sigma)$, $\bar{\sigma}(x) = \bar{\sigma}(y)$ iff $\sigma(x) = \sigma(y)$.

The definition of the coherence between game positions, still denoted by $\bowtie_C$,
follows.

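Definition 8. Let $C$ be a finite subset of $\Sigma$.
Let $A_1 = \langle \Sigma, \mathcal{X}_1, Q_1, q_0^1, \delta_1, F_1, \kappa_1 \rangle$ and $A_2 = \langle \Sigma, \mathcal{X}_2, Q_2, q_0^2, \delta_2, F_2, \kappa_2 \rangle$ be two
CFVAs s.t. $\mathcal{X}_1 \cap \mathcal{X}_2 = \emptyset$. Let $Pos_E$ (resp. $Pos_A$) be the set of Eloise's (resp.
Abelard's) positions in the game $\mathcal{G}(A_1, A_2)$. Then we define the relation $\bowtie_C \subseteq
Pos_A \times Pos_A \cup Pos_E \times Pos_E$ by:

• For any $\bar{\sigma}_i, \sigma_i$ of proper domain included in $\mathcal{X}_i$ ($i = 1, 2$) we have:

$((\bar{\sigma}_1, q_1), (\bar{\sigma}_2, q_2))_A \bowtie_C ((\sigma_1, q_1), (\sigma_2, q_2))_A$ iff $(\bar{\sigma}_1 \uplus \bar{\sigma}_2) \bowtie_C (\sigma_1 \uplus \sigma_2)$.

• For any $\bar{\sigma}_i, \sigma_i$ of proper domain included in $\mathcal{X}_i$ ($i = 1, 2$), for any substitutions
$\bar{\sigma}, \sigma$ with proper domain included in $\mathcal{X}_1$, we have:

$((\bar{\sigma}_1 \cup \bar{\sigma}) \uplus \bar{\sigma}_2) \bowtie_C ((\sigma_1 \cup \sigma) \uplus \sigma_2)$ iff
$((\bar{\sigma}_1, q_1), (\bar{\sigma}_2, q_2), (\bar{\sigma}, \alpha))_E \bowtie_C ((\sigma_1, q_1), (\sigma_2, q_2), (\sigma, \alpha))_E$.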

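Now we are ready to show that the games $\mathcal{G}$ and $\overline{\mathcal{G}}$ are equivalent in the following
sense:

Proposition 1. Let $A_1 = \langle \Sigma, \mathcal{X}_1, Q_1, q_0^1, \delta_1, F_1, \kappa_1 \rangle$ and $A_2 = \langle \Sigma, \mathcal{X}_2, Q_2, q_0^2, \delta_2,
F_2, \kappa_2 \rangle$ be two CFVAs. Then, Eloise has a winning strategy in $\mathcal{G}(A_1, A_2)$ iff she
has a winning strategy in $\overline{\mathcal{G}}(A_1, A_2)$.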

Proof. Up to renaming of variables, we can assume that $\mathcal{X}_1 \cap \mathcal{X}_2 = \emptyset$. For the
direction ($\Rightarrow$) we show that out of a winning strategy of Eloise in $\mathcal{G}(A_1, A_2)$
we construct a winning strategy for her in $\overline{\mathcal{G}}(A_1, A_2)$. For this purpose, we
show that each move of Abelard in $\overline{\mathcal{G}}(A_1, A_2)$ can be mapped to an Abelard
move in $\mathcal{G}(A_1, A_2)$, and that Eloise response in $\mathcal{G}(A_1, A_2)$ can be actually
mapped to an Eloise move in $\overline{\mathcal{G}}(A_1, A_2)$. This mapping defines a relation $\mathcal{R}$
between the positions of $\overline{\mathcal{G}}(A_1, A_2)$ and the positions of $\mathcal{G}(A_1, A_2)$ as follows:
$\mathcal{R} \subseteq Pos_E(\overline{\mathcal{G}}(A_1, A_2)) \times Pos_E(\mathcal{G}(A_1, A_2)) \cup Pos_A(\overline{\mathcal{G}}(A_1, A_2)) \times Pos_A(\mathcal{G}(A_1, A_2))$,
such that if $(\bar{p}, p) \in \mathcal{R}$, and the move $\bar{p} \to \bar{p}'$ in $\overline{\mathcal{G}}(A_1, A_2)$ is mapped to
$p \to p'$ in $\mathcal{G}(A_1, A_2)$, or $p \to p'$ in $\mathcal{G}(A_1, A_2)$ is mapped to $\bar{p} \to \bar{p}'$ in
$\overline{\mathcal{G}}(A_1, A_2)$, then $(\bar{p}', p') \in \mathcal{R}$. Furthermore, we impose that the following
invariant (Inv-$\bowtie$) holds: If $(\bar{p}, p) \in \mathcal{R}$ then $\bar{p} \bowtie_C p$, where $C = \Sigma_{A_1} \cup \Sigma_{A_2}$. We
recall that the variables in $\overline{\mathcal{G}}(A_1, A_2)$ are instantiated from the set of letters
$C_0 = \Sigma_{A_1} \cup \Sigma_{A_2} \cup (\mathcal{X}_1 \times \mathcal{X}_2) \cup (\mathcal{X}_2 \times \mathcal{X}_1)$. The main part of the proof consists in
finding the right way to relate the instantiation of the variables of the sending
messages in $\overline{\mathcal{G}}(A_1, A_2)$ and $\mathcal{G}(A_1, A_2)$. More precisely, we distinguish three cases:
when Abelard in $\overline{\mathcal{G}}(A_1, A_2)$ instantiates a variable with a letter in $\Sigma_{A_1} \cup \Sigma_{A_2}$,
then Abelard in $\mathcal{G}(A_1, A_2)$ must instantiate the same variable with the same
letter. When Abelard in $\overline{\mathcal{G}}(A_1, A_2)$ instantiates a variable with a fresh letter
that belongs to $C_0 \setminus (\Sigma_{A_1} \cup \Sigma_{A_2})$ (by fresh we mean it does not appear in the
current position of $\overline{\mathcal{G}}(A_1, A_2)$), then Abelard in $\mathcal{G}(A_1, A_2)$ must instantiate the
same variable with a fresh letter in $\Sigma$. Finally, when Abelard in $\overline{\mathcal{G}}(A_1, A_2)$
instantiates a variable with a non fresh letter, say $\bar{a}_0$, i.e. $\bar{a}_0$ appears in the current
position, then Abelard in $\mathcal{G}(A_1, A_2)$ must instantiate the same variable with the
letter $a_0$ related to $\bar{a}_0$, i.e. in a previous step the choice of $\bar{a}_0$ corresponds to the
choice of $a_0$. For the other direction, i.e. Eloise instantiation of the variables in
$\mathcal{G}(A_1, A_2)$ from $\Sigma$ is related to Eloise instantiation of the variables in $\overline{\mathcal{G}}(A_1, A_2)$
from $C_0$ by following the same principle. Following this construction, we ensure
that the invariant (Inv-$\bowtie$) is always maintained.

The proof of the direction ($\Leftarrow$) is similar to the one of ($\Rightarrow$): we follow the same
instantiation principle and keep the same definition of the $\bowtie$-coherence. □

It follows from Lemma 1 and Proposition 1:

Theorem 5. The problem of Σ-simulation is decidable for CFVAs.

Given two CFVAs $A_1, A_2$, deciding whether $A_1 \preceq A_2$ simply amounts to
constructing the finite game $\overline{\mathcal{G}}(A_1, A_2)$ and computing a winning strategy for Eloise.

7 Service composition 

To carry on the CART example and real-world service applications, we need to
extend CFVAs and Σ-simulation so that transition labels can be of type $!t$ or
$?t$, with $t$ an arbitrary term over a first-order signature. This extended model
(ECFVA) is detailed in Appendix ID]. The Σ-simulation problem remains decidable for
the subclass of ECFVAs in which the terms labeling the transitions are either
constants or of the form $f(\alpha_1, \ldots, \alpha_n)$ where $f$ is a functional symbol and $\alpha_i$ is
either a variable or a constant, as is the case for the CART example.

Composition synthesis. We consider the same composition synthesis problem as
in [1316] besides the modelling of the client goal and each service as an ECFVA.
We adapt the construction of the asynchronous product ($\otimes$) on FAs [13] for
ECFVAs to obtain an ECFVA modelling the community of available services. Finding
a simulation then amounts to constructing a winning strategy for Eloise in the
simulation game. In the case of the CART example, one strategy can be computed
in the game $\mathcal{G}(\text{CLIENT}, \text{CART} \otimes \text{SEARCH})$, and thus the client requests can be
satisfied. Notice that this problem is EXPTIME-hard as a direct consequence of [13],
where this lower bound obtained for the composition synthesis of deterministic
finite automata is established.

8 Conclusion



In future works we plan to investigate the complexity of the universality and
Σ-simulation of CFVAs and to find other classes of ECFVAs for which the
Σ-simulation can be decided. It would be important to consider security constraints
that the composition of services must fulfill as in j^. For this purpose, suitable 
model-checking techniques have to be devised for FVAs.

Appendices



A On the comparison with other models 

FVAs are incomparable with variable automata [10]. On the one hand the
language $L = \{a_1 a_1 a_2 a_2 \cdots a_n a_n,\ n > 0,\ a_i \in \Sigma\}$ cannot be recognized by a variable
automaton as shown in [10]. However, it is recognized by the FVA $A_1$ of
Example 1. On the other hand, the language of all the words in which the last letter
is different from all the other letters can be recognized by a variable automaton
but not by a FVA, since there is no way to express in FVAs that a variable is
distinct from other variables. Besides, the subclass of variable automata without
free variables coincides with the subclass of FVAs without fresh variables.

FVAs are weaker than FMAs [12]. The language of words in which some
letter appears exactly twice can be recognized by a FMA [12] but not by a FVA.

B Appendix for Section [4] 

Before establishing the proofs of the claims of Section [4] we first give the formal
definition of configuration and run for n-BFVAs since it is required thereafter.

B.l Run and configuration for n-BFVAs 

Definition 9. Let $A = \langle \Sigma, \mathcal{X}, Q, Q_0, \delta, F, \kappa \rangle$ be an n-FVA. A configuration is a
pair $(q, M)$ where $q \in Q$ and $M : \mathcal{X} \to \Sigma$ is a substitution. We define a transition
relation over the configurations as follows: $(q_1, M_1) \xrightarrow{u} (q_2, M_2)$, where $u \in \Sigma$,
iff there exists an n-label $l_n = (l_1, \ldots, l_n) \in (\Sigma \cup \mathcal{X})^n$, such that $q_2 \in \delta(q_1, l_n)$,
and a substitution $\sigma : \mathcal{X} \to \Sigma$ such that $\sigma(M_1(l_i)) = u$, for all $i \in \{1, \ldots, n\}$,
so that $M_2 = (M_1 \uplus \sigma)|_D$, where $D = Dom(M_1 \uplus \sigma) \setminus \kappa^{-1}(q_2)$. A finite word
$u = u_1 u_2 \ldots u_m \in \Sigma^*$ is recognized by $A$ iff there exists a run $(q_0, M_0) \xrightarrow{u_1}
(q_1, M_1) \xrightarrow{u_2} \ldots \xrightarrow{u_m} (q_m, M_m)$, such that $M_0 = \emptyset$, $q_0 \in Q_0$ and $q_m \in F$. The set
of words recognized by $A$ is still denoted by $L(A)$.




Fig. 3. A 2-FVA. 

Example 3. Let $A$ be the 2-FVA depicted below where $\kappa(y) = \{q_0, q_1\}$ and
$\kappa(x) = \emptyset$. It is clear that $L(A) = \{(az)^n \mid z \in \Sigma,\ n > 1\}$.

B.2 Closure under basic operations

The class of FVAs with ε-transitions will be denoted by ε-FVAs.

Lemma 2. For a ε-FVA $A^\varepsilon$ there exists a FVA $A$ (without ε-transitions)
satisfying $L(A) = L(A^\varepsilon)$.

Proof. The construction of a FVA out of a e-FVA is more subtle than the con- 
struction known for FAs since we need to take into account the refreshing of the 
variables. We define an operator O that transforms a e-FVA to an equivalent e- 
FVA with strictly less e-transitions. Thus the desired FVA without e-transitions 
is the least fixed-point of 0. Intuitively, the operator O eliminates all the e- 
transitions which are preceded by a non e-transition. 

Assume A^ = {E, X, Q'^, Qq, F^, 6^, n^). Let T{q) be the set of states that are 
reachable from state q by following an c-transition and let T{Q') = {T{q)\q G Q'}, 
for Q' C Q^. Let = {S, X, Q, Qq, F, S, k) where: 

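$$Q = Q^\varepsilon \cup (Q^\varepsilon \times Q^\varepsilon)$$

$$\pi_1 : \mathcal{P}(Q) \to \mathcal{P}(Q^\varepsilon), \quad Q' \mapsto \{p \mid (p, q) \in Q'\}$$

$$\pi_2 : \mathcal{P}(Q) \to \mathcal{P}(Q^\varepsilon), \quad Q' \mapsto \{q \mid (p, q) \in Q'\}$$

$$F = F^\varepsilon \cup \pi_1^{-1}(F^\varepsilon) \cup \pi_2^{-1}(F^\varepsilon)$$

$$\delta = \{p \xrightarrow{a} q \in \delta^\varepsilon \mid a \neq \varepsilon\} \cup \{q_1 \xrightarrow{a} (q_2, q_3) \mid q_1 \xrightarrow{a} q_2 \xrightarrow{\varepsilon} q_3 \in \delta^\varepsilon,\ a \neq \varepsilon\} \cup \{(q_1, q_2) \xrightarrow{a} q_3 \mid q_2 \xrightarrow{a} q_3 \in \delta^\varepsilon\} \cup \{q_1 \xrightarrow{\varepsilon} q_2 \mid \nexists\, q_0 \xrightarrow{a} q_1 \text{ s.t. } a \neq \varepsilon\}$$

$$\kappa = \kappa^\varepsilon \cup (\pi_1^{-1} \circ \kappa^\varepsilon) \cup (\pi_2^{-1} \circ \kappa^\varepsilon)$$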

In order to prove that $L(\Theta(A^\varepsilon)) = L(A^\varepsilon)$, it suffices to prove the following
three Claims, the first one is straightforward:

Claim 1. Every accepting run in $A^\varepsilon$ that does not follow any ε-transition is
still an accepting run in $\Theta(A^\varepsilon)$. Conversely, every accepting run in $\Theta(A^\varepsilon)$ that
passes only through states in $Q^\varepsilon$ is still an accepting run in $A^\varepsilon$.

Claim 2. There exists a run

$$q_0, M_0 \xrightarrow{a} q_1, M_1 \xrightarrow{\varepsilon} q_2, M_2$$

in $A^\varepsilon$ with $a \neq \varepsilon$ iff there exists a run

$$q_0, M_0 \xrightarrow{a} (q_1, q_2), M_2'$$

in $\Theta(A^\varepsilon)$ such that $M_2 = M_2'$.

Proof of the Claim.

(⇒) From the definition of $Q$ and $\delta$ it follows that $(q_1, q_2) \in \delta(q_0, a)$, and it
remains to show that $M_2 = M_2'$. We only discuss the case when $a$ is a
letter in $\Sigma$, the case when it is a variable can be handled similarly. On the
one hand, $M_2 = M_1|_{D_2}$ where $D_2 = Dom(M_1) \setminus (\kappa^\varepsilon)^{-1}(q_2)$, and $M_1 = M_0|_{D_1}$
where $D_1 = Dom(M_0) \setminus (\kappa^\varepsilon)^{-1}(q_1)$. Hence $M_2 = M_0|_D$ where
$D = Dom(M_0) \setminus ((\kappa^\varepsilon)^{-1}(q_1) \cup (\kappa^\varepsilon)^{-1}(q_2))$. On the other hand, we have
$M_2' = M_0|_{D'}$, where $D' = Dom(M_0) \setminus \kappa^{-1}((q_1, q_2))$. It follows from the definition
of $\kappa$, the refreshing function of $\Theta(A^\varepsilon)$, that $\kappa^{-1}((q_1, q_2)) = (\kappa^\varepsilon)^{-1}(q_1) \cup (\kappa^\varepsilon)^{-1}(q_2)$.
Hence, $D = D'$ and $M_2 = M_2'$.

(⇐) This direction is proved by following the same reasoning made in the direction
(⇒) on the refreshing function.

This ends the proof of Claim 2. □

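Claim 3. Let $q_1 \in Q^\varepsilon$ and $(q_0, q_1) \in Q$. There exists a run

$$q_1, M_1 \xrightarrow{a} q_2, M_2$$

in $A^\varepsilon$ iff there exists a run

$$(q_0, q_1), M_1 \xrightarrow{a} q_2, M_2$$

in $\Theta(A^\varepsilon)$.

Proof of the Claim. By checking the transition function $\delta$. □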

To accomplish the proof, it remains to notice that if 9 G Q is such that q ^ 
7rf ^(Q^), then the outgoing transitions from q in A^ are exactly the outgoing 
transitions from q in 0{A^). 

a 

Lemma 3. 2-FVAs and FVAs are equivalent (i.e. recognize the same languages). 

Proof. First it is trivial that any language recognized by a FVA $A$ is also recognized
by the 2-FVA $A'$, a copy of $A$ in which transitions are indexed by couples
$(x, x)$ instead of a variable or constant $x$.

Now let $L$ be a language recognized by a 2-FVA $A$, and let us construct a
FVA $B$ that recognizes $L$. It suffices to prove that for any word $w$ there is a run
of $A$ that ends in a final state if, and only if, there is a run of $B$ that also ends in
a final state. In order to construct $B$ we first construct from $A$ another 2-FVA
$A'$ that recognizes the same language, and such that the translation of $A'$ into
a 1-FVA is trivial. In order to simplify notations, we assume in this proof that
the assignment $M$ on the variables of an automaton is extended by the identity
function on the set $\Sigma_A$ of letters occurring in the 2-FVA.

Definition of $\Psi$. Let $A = \langle \Sigma, X, Q, Q_0, \delta, F, \kappa \rangle$, and let $n_X = |X|$ and $n_\Sigma = |\Sigma_A|$,
and assume $\Sigma_A = \{a_1, \ldots, a_{n_\Sigma}\}$. Let $\Psi \subseteq \{1, \ldots, n_X + n_\Sigma\}^{\Sigma_A \cup X}$ be the set of
functions from $\Sigma_A \cup X$ to $\{1, \ldots, n_X + n_\Sigma\}$ such that for every $\psi \in \Psi$ we have
$\psi(a_k) = k$. Furthermore, given $D \subseteq X$ and $\psi \in \Psi$, we let be the subset
of $\Psi$ of functions equal to $\psi$ on $(\Sigma_A \cup X) \setminus D$. Finally, given a substitution
$M$ on $\Sigma_A \cup X$ we let $\Psi_M$ be the subset of $\Psi$ of functions $\psi$ such that, for all
$x, y \in \Sigma_A \cup dom(M)$, we have $M(x) = M(y)$ iff $\psi(x) = \psi(y)$.






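Construction of $A'$. We let $A'$ be the 2-FVA automaton $\langle \Sigma, X, Q', Q'_0, \delta', F', \kappa' \rangle$
where:

$$Q' = Q \times \Psi$$

$$\pi : \mathcal{P}(Q') \to \mathcal{P}(Q), \quad Q'' \mapsto \{q \mid (q, \psi) \in Q''\}$$

and $Q'_0 = \pi^{-1}(Q_0)$, $F' = \pi^{-1}(F)$, and $\kappa' = \pi^{-1} \circ \kappa$. The transition relation $\delta'$
is defined as follows for all $(q_0, \psi_0) \in Q'$ and $\alpha, \beta \in \Sigma_A \cup X$: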

^((5o,V'o),(a!,^)) = ki e ^(^0,(0!,^)) and Vo(Q!) = V'o(/3) and Vi e V'o 

Claim. There exists a run $q_0$,

for all tpn e tf'Mn there exists a run (goi V'o)! Mq (91, V'i)> -^1 —>■••• 

{qn,tpn),Mn in A'. 

Proof of the claim. We prove the two implications by induction on n. The 
case n = is trivial in both cases, so let us focus on the induction step in each 
direction. 

<=) We note that since Vm„ is never empty, it suffices to prove the existence of 
the run in A for one run in A' . We leave to the reader this verification given 
the definition of the transition function. 

=>) Assume that for every run of length n in ^ and for every possible tpn there 
exists a run as prescribed in A' . Using the above notations, let us extend 
a run of length n with a transition to Qn+i G ^(Snj (o^n+i) /3n+i))) and let 
M„_|_i be the assignment to variables in It suffices to prove that for 

every function tpn+i & ^M„^i there exists a function € '1'm„ such that 

(g„+l,V'n+l) G ^((gn,V'«), (ari+l,/3ri+l))- 

First let us prove that the subset of functions ijjn such that there is a transi- 
tion from with the pair (a„_|_i, is not empty. This set contains 

all the functions V-'n such that: 

ix,y&SA^ dom{Mn),^nix) = V'„(y) <^ M„(x) = M^iy) 

Since the transition is feasible on 5„ we note that if both a„+i and I3n+i are 
in IJA^dom{Mn) wc must have M„(q:„+i) = Af„(/3„_|_i), and thus the second 
condition is satisfied. Otherwise, say if a„+i is not in Sa U dom{Mn), any 
value is possible for ipn{an+i), including the value Vn(/3n+i)- Thus, there 
exists some states {qn+i,ip.n+i) e S'{{qn,ipn), (ari+i,/3n+i) for some ip^. 
Second, let us prove that for every tpn+i such that for every ipn+i G 'I^Mn+i 
there exists a ipn as above such that {qn+i,tpn+i) ^ S'{{qn,tpn), {an+i,Pn+i)- 
On the one hand, if a variable x is refreshed and by definition of the transition 
relation on A' , if ■i/'n+i) is reached then for every /€{!,..., ns + nx} 

there exists V'n+i equal to Vn+i but on x, where Vn+i(a;) = /. On the other 
hand, if $x$ is not refreshed, then all the possible values of $\psi_{n+1}(x)$ are also
all the possible values of $\psi_n(x)$ for the $\psi_n$ on which the transition is possible.
This is easily proved by considering the three cases $x \in dom(M_{n+1}) \cap dom(M_n)$,
$x \in dom(M_{n+1}) \cap \{\alpha_{n+1}, \beta_{n+1}\}$, and $x \notin dom(M_{n+1})$ (and thus
not in $dom(M_n)$) and proving that in each case the condition:

$$\forall x, y \in \Sigma_A \cup dom(M),\ \psi(x) = \psi(y) \Leftrightarrow M(x) = M(y)$$

holds for $\psi$ and $M_{n+1}$ if it holds for the same $\psi$ and $M_n$ as long as $\psi(\alpha_{n+1}) =$

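Construction of a 1-FVA from $A'$. From $A'$ one constructs the 1-FVA:

$$B = \langle \{a_1, \ldots, a_{n_\Sigma}\}, \{x_{n_\Sigma+1}, \ldots, x_{n_\Sigma+n_X}\}, Q', Q'_0, \delta'', F', \kappa'' \rangle$$

where, with $c_i$ denoting either $a_i$ if $1 \le i \le n_\Sigma$ or $x_i$ if $n_\Sigma + 1 \le i \le n_\Sigma + n_X$:

— $q' \in \delta''(q, c_i)$ if, and only if, $q' \in \delta'(q, (\alpha, \beta))$ where $q = (q_0, \psi)$ and $\psi(\alpha) =$

— $\kappa''(x_i)$ is the set of $(q_0, \psi)$ such that $\psi^{-1}(i) \subseteq \kappa^{-1}(q_0)$.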

Theorem 1. For all $n \ge 1$, the n-FVAs and FVAs are equivalent (i.e. they
recognize the same languages).

Proof. We prove by induction on $n \ge 1$ that the (n + 1)-FVAs and the n-FVAs
are equivalent. The base case n = 1 follows from Lemma 3. For the induction
case we transform an (n + 1)-FVA $A$ to an equivalent n-FVA by contracting the
first and the second component of the (n + 1)-labels of $A$ as in the proof of
Lemma 3 and keeping the remaining n − 1 components unchanged. □

Theorem 2. FVAs are closed under union, concatenation, Kleene operator and 
intersection. 

Proof. Up to variable renaming it is sufficient to consider the union, intersection 
and concatenation of two FVAs that do not share variables. 

We recall that the closure under union is straightforward since we just take
the disjoint union of the two FVAs. The closure under Kleene operation and
concatenation is a direct consequence of the fact that FVAs with ε-transitions
and FVAs recognize the same languages (Lemma 2).

The closure under intersection for FVAs is an immediate consequence of Theorem 1
since the intersection of two FVAs amounts to computing their Cartesian
product, which is a 2-FVA. Formally, let $A_1 = \langle \Sigma_1, X_1, Q_1, q_0^1, \delta_1, F_1, \kappa_1 \rangle$ and
$A_2 = \langle \Sigma_2, X_2, Q_2, q_0^2, \delta_2, F_2, \kappa_2 \rangle$ be two FVAs, where $X_1 \cap X_2 = \emptyset$. The 2-FVA
$A_1 \times A_2$ is defined by:

$$A_1 \times A_2 = \langle \Sigma_1 \cup \Sigma_2, X_1 \cup X_2, Q_1 \times Q_2, q_0^1 \times q_0^2, \delta, F_1 \times F_2, \kappa \rangle,$$

where $\delta$ and $\kappa$ are defined by:

$(q_1', q_2') \in \delta((q_1, q_2), (\alpha_1, \alpha_2))$ iff $q_1' \in \delta_1(q_1, \alpha_1)$ and $q_2' \in \delta_2(q_2, \alpha_2)$.
$(q_1, q_2) \in \kappa(x)$ iff $q_1 \in \kappa_1(x)$ or $q_2 \in \kappa_2(x)$.

The closure under intersection for FVAs follows from Lemma 3 and the following
Fact:

Fact 3 Let $A_1$ and $A_2$ be FVAs. Then, $L(A_1) \cap L(A_2) = L(A_1 \times A_2)$.

This ends the proof of Theorem 2. □



Lemma 4. FVAs are not closed under complementation. 

Proof. As a counter example we consider the language $L = \{a\}$, with $a \in \Sigma$.
The complement of $L$ is the language $L_2 \uplus L_1$ where $L_2$ consists of all the words
of length greater (or equal) than 2 and $L_1$ consists of all the words of length
1 in which the letter differs from $a$, i.e. $L_2 = \{a_1 a_2 \ldots a_n \mid a_i \in \Sigma,\ n \ge 2\}$ and
$L_1 = \{a_1 \mid a_1 \in \Sigma \setminus \{a\}\}$. The language $L_2$ can be recognized by a FVA. In order
to show that $L_1 \uplus L_2$ is not FVA-recognizable, it suffices to show that $L_1$ is not
FVA-recognizable. Towards a contradiction: assume that $L_1$ can be recognized
by a FVA $B$ without ε-transitions. Hence $B$ must contain transitions of length 1
linking an initial state to an accepting state. On the one hand, each transition
of $B$ can not be labeled by a variable, otherwise $B$ could accept words not in $L_1$.
On the other hand, all the transitions of $B$ must be labeled by letters in $\Sigma \setminus \{a\}$,
but this is impossible since $\Sigma$ is infinite. □

B.3 Nonemptiness and membership 

Theorem 3. For FVAs, Nonemptiness is NL-complete and Membership is NP- 
complete. 

Proof. For Nonemptiness, let $A$ be a FVA and let $\mathcal{F}(A)$ be the FA obtained from
$A$ by considering all the variables as letters. Notice that $\mathcal{F}(A)$ is nonempty iff
$A$ is nonempty. The complexity follows from the fact that FA nonemptiness is
NL-complete. □
For Membership, consider a FVA $A$ and a word $w$. For the upper bound, a
nondeterministic polynomial algorithm guesses a path in $A$ of length $|w|$ such
that the final state is accepting, then checks whether the corresponding run on
$w$ is possible. The lower bound is shown by a reduction from the Hamiltonian
cycle problem for digraphs as in the extended version of [10]. □
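
The run semantics of Definition 9, the Cartesian product used for intersection in the proof of Theorem 2, and the two decision procedures of Theorem 3, as an added Python example (not code from the paper). The class and function names, the tuple encoding of labels and the two sample automata are assumptions constructed for this illustration.

```python
from collections import deque


class NFVA:
    """n-FVA: labels are n-tuples over letters and variables (names must not collide)."""
    def __init__(self, variables, initial, final, delta, kappa):
        self.variables = set(variables)  # X
        self.initial = set(initial)      # Q0
        self.final = set(final)          # F
        self.delta = list(delta)         # triples (q, label_tuple, q')
        self.kappa = kappa               # variable -> set of states refreshing it

    def states(self):
        return self.initial | self.final | {s for p, _, q in self.delta for s in (p, q)}

    def step(self, q, M, u):
        """Yield every (q2, M2) such that (q, M) --u--> (q2, M2)."""
        for p, label, q2 in self.delta:
            if p != q:
                continue
            M2, ok = dict(M), True
            for l in label:
                if l in self.variables:
                    # free variable: bind it to u; bound variable: must equal u
                    ok = ok and M2.setdefault(l, u) == u
                else:
                    ok = ok and l == u
            if ok:
                # restriction to D: variables refreshed in q2 become free again
                yield q2, {x: v for x, v in M2.items()
                           if q2 not in self.kappa.get(x, ())}

    def accepts(self, word):
        """Membership: follow all runs on `word`, deduplicating configurations."""
        configs = {(q, frozenset()) for q in self.initial}
        for u in word:
            configs = {(q2, frozenset(M2.items()))
                       for q, M in configs
                       for q2, M2 in self.step(q, dict(M), u)}
        return any(q in self.final for q, _ in configs)


def product(A1, A2):
    """Cartesian product of two FVAs with disjoint variables (a 2-FVA)."""
    assert not A1.variables & A2.variables, "rename variables apart first"
    delta = [((p1, p2), l1 + l2, (q1, q2))
             for p1, l1, q1 in A1.delta for p2, l2, q2 in A2.delta]
    Q1, Q2 = A1.states(), A2.states()
    # (q1, q2) in kappa(x) iff q1 in kappa1(x) or q2 in kappa2(x)
    kappa = {x: {(a, b) for a in A1.kappa.get(x, ()) for b in Q2} for x in A1.variables}
    kappa.update({x: {(a, b) for a in Q1 for b in A2.kappa.get(x, ())}
                  for x in A2.variables})
    return NFVA(A1.variables | A2.variables,
                {(a, b) for a in A1.initial for b in A2.initial},
                {(a, b) for a in A1.final for b in A2.final}, delta, kappa)


def witness(A):
    """Nonemptiness of a 1-FVA by reachability; returns an accepted word or None."""
    assert all(len(label) == 1 for _, label, _ in A.delta), "1-FVAs only"
    parent, queue, goal = {q: None for q in A.initial}, deque(A.initial), None
    while queue:
        q = queue.popleft()
        if q in A.final:
            goal = q
            break
        for p, label, q2 in A.delta:
            if p == q and q2 not in parent:
                parent[q2] = (q, label[0])
                queue.append(q2)
    if goal is None:
        return None
    path = []
    while parent[goal] is not None:
        prev, l = parent[goal]
        path.append((l, goal))
        goal = prev
    M, word = {}, []
    for i, (l, q2) in enumerate(reversed(path)):
        # an unbound variable may read any letter: use a constructed fresh one
        u = M.setdefault(l, ("fresh", i)) if l in A.variables else l
        word.append(u)
        M = {x: v for x, v in M.items() if q2 not in A.kappa.get(x, ())}
    return word


# Constructed sample automata (not the paper's figures).
# PAIRS: words a1 a1 a2 a2 ... an an with n >= 1; x is refreshed on entering q2.
PAIRS = NFVA({"x"}, {"q0"}, {"q2"},
             [("q0", ("x",), "q1"), ("q1", ("x",), "q2"), ("q2", ("x",), "q1")],
             {"x": {"q2"}})
# FIRST_LAST: words of length >= 2 whose first and last letters are equal.
FIRST_LAST = NFVA({"y", "z"}, {"r0"}, {"r2"},
                  [("r0", ("y",), "r1"), ("r1", ("z",), "r1"), ("r1", ("y",), "r2")],
                  {"z": {"r1"}})

if __name__ == "__main__":
    for w in ("aa", "aabb", "abba", "aabbaa"):
        print(w, PAIRS.accepts(w), product(PAIRS, FIRST_LAST).accepts(w))
```

`accepts` explores every run, which mirrors the guess-and-check membership argument, while `witness` only needs graph reachability because every path of a 1-FVA can be instantiated.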

B.4 Containment 

Lemma 5. Let $A$ be a FVA and $F$ be a FA. Then, $L(A) \cap L(F)$ is regular. If
$L(A) = L(F)$ then all the paths of $A$ linking an initial state to a final state are
labeled with letters.

Proof. The first claim follows from the proof of Theorem 2: the construction of
$A \cap F$ yields a FVA in which all the transitions are labeled with letters.

For the second claim, assume that the regular language $L(F)$ is over a finite
alphabet $\Sigma_F$. Towards a contradiction: Let $q_1 \to \ldots q_m \xrightarrow{x} \ldots q_k$ be a path in
$A$ such that $q_1$ (resp. $q_k$) is an initial (resp. final) state, $x$ is a variable, and for
every $i < m$, is a letter. Indeed, this path recognizes a word $w = w_1 \ldots w_k$ that
does not belong to $L(F)$, e.g. by choosing $w_{m+1} \notin \Sigma_F$. This is a contradiction.
□ 
Theorem 4. The containment problems between a FVA and a FA are decidable.

Proof. Let $A$ be a FVA and $F$ be a FA.

For the inclusion $L(F) \subseteq L(A)$, we check whether $L(F) \cap L(A) = L(F)$.
From Lemma 5 it follows that the language $L(F) \cap L(A)$ is regular and the
FA recognizing it can be constructed. Hence, the inclusion above amounts to
checking the inclusion of two FAs, which is decidable.

For the inclusion $L(A) \subseteq L(F)$, we check whether $L(A) \cap L(F) = L(A)$. On
the one hand, it follows from Lemma 5 that $L(A) \cap L(F)$ is regular. On the other
hand, it follows from Lemma 5 that all the (accessible) transitions of $A$ must be
labeled with letters, since $L(A)$ is regular. Hence, the inclusion above amounts
to checking the inclusion of two FAs. □

C Appendix for Section 6

The claims in the following remark are not hard to prove. 

Remark 1. Let C C be a finite set of letters, a and a two substitutions, x a 
variable, and a a letter in C. The following hold. If ct ct then \codom{(7)\ = 
\codom{a)\ and o-\d, where D C Dom{a). Consequently, if {ai l±) (T2) M 

((Ti l±) with dom(ai) — dom{ai), then ai n ai, for i = 1,2. 

Proposition 1. LetAi = {Sq, Xi,Qi,qQ,Si, Fi, ki) andA2 = (^0, '%2, Q2, ^2, 
be two FVAs. Then Eloise has a winning strategy in G{Ai,A2) iff she has a 
winning strategy in Q{Ai,A2). 

Proof. Up to variables renaming, we can assume that Xi f] X2 — 0. For the 
direction we show that out of a winning strategy of Eloise in G{Ai,A2) 
we construct a winning strategy for her in G{Ai, A2). For this purpose, we shall 
show that each move of Abelard in GiAi,A2) can be mapped to an Abelard 
move in G{Ai,A2), and Eloise response in GiAi,A2) can be actually mapped 
to an Eloise move in G{Ai, A2). This mapping defines a relation 7^|2| between 
the positions of G{Ai,A2) and the positions of G{Ai,A2) as follows: 

7^ c Pose(G{Ai,A2)) X PosEiG{Ai,A2)) U 

P0Sa{G{Ai,A2)) X P0SAiG{Al,A2)) 

Furthermore, we impose that the following invariant holds: 

If (p, p) eTZ then p Nc p, (Inv-x) 

where C = E^i U Sa2- In this proof, we shall simply write "m" instead of 
"mc". We recall that the variables in G{Ai,A2) are instantiated from the set of 
letters Cq = U Sa2 U (Xi x X2) U {X2 y. Xi). The proof is by induction on 

^ More precisely, if (p, p) G TZ, and the move p p' is mapped to p p', or p p' 
is mapped to p p', then (p', p') e Ti. 






n, the number of the moves made m G{Ai, A2) plus the number of moves made 
m G{Ai,A2)- The base case, i.e. when n — 0, trivially holds since the starting 
position ofg{Ai,A2) and ofQ{Ai,A2) is (go,9o)A- 

For the induction case let (p„, p„) G TZ. We consider two possibilities: when 
p„ and pn are both Abelard positions and when they are both Eloise posi- 
tions. Consider the first possibility and an Abelard move rh — pn pn+i in 
G{Ai,A2)- We distinguish two cases depending on to. 
Case (i). If to e M'^, then to is of the form: 

rh = ((a-i,gi), (ct2,(72))4 ^ {{^i\d,(1i)^ {^2,q2), {ai,7a))^ 

where q[ G Si{qi, 7 a) and D — Dom{ai) \ Hi^iq'i) 

From the induction hypothesis we have p„ x p„, hence p„ = ((cti, (ji), (0-2, 'J'2))4 
such that (cti W 0-2) x (cti l+l (T2)- Thus Abelard move in g{Ai,A2) is 

((cri,gi), (cr2,g2))A ^ ((CTl|£,,(7i),(cr2,'72),(o-l,?a))E 

and the invariant dlnv- n | ) is maintained. 
Case (a). If TO G M^, then to is of the form: 

(o-2,g2))A (((cti W7)|i3,(7i),(5-2,(72),(7Wa-i,!a))g 

where G 5i{qi^ \a),D = Dom{ai W 7) \ Hi^iq'i) 
and 7 : V(a-i(a)) — > Cq 

The only relevant situation is when cti (a) is a variable, say Xi G Xi. The situation 
when it is a letter is similar to the previous case since 7 = 0. From the induction 
hypothesis we have that p„ n p„, and hence p„ — ((cti,(7i), {(72,^2))^ such that 
((Ti l±) 0-2) N ((Ti l±) (T2). Therefore the corresponding Abelard move in g{Ai,A2) 
is 

((cri,gi), (cr2,'?2))^ (((o-i l+l7)|£,,gi),(CT2,(72),(7Wcri,!a))g 

where 7 : V(cri(a)) — > is a (ground) substitution that will be defined next. 
Since (Ti x ci , and cti (a) is the variable xi , then it follows that ai (a) = ui (a) = 
a = xi. Abelard choice of 7 depends on the nature of ^{xi). 

— If 7(xi) G ^^A2 then in this case we let 7 :— 7, and hence the invariant 
(|Inv- N I ) is maintained, i.e. (cti I±I (72 W 7) n (cti I+I CT2 W 7). 

— If 7(a;i) appears in the current position, i.e. 

7(xi) G {codom{ai i+)CT2)) \ {Sai U ^^^2), 

then there is a variable y G dom{ai W CT2) such that (y i— )■ 7(2;! )) G (Ti l±) (T2. 
Since ((Ti W (12) n (cti W cr2), then it follows that there is a letter yo G ^0 
such that (y yo) G ci W cr2- Thus we let 7 := {xi t-^ yo} and the invariant 
(|Inv- N I ) is maintained, i.e. (ai W 0-2 W 7) n (cti W CT2 W 7). 
— Otherwise, i.e. 7(xi) is a new letter that does not appear in the current
position, then we take 7(2:1) as a new letter from Sq, and hence the invariant 
dlnv- N I is maintained. 

Secondly, we consider the possibility when both p„ and p„ are Eloise po- 
sitions. We consider an Eloise move m — pn ^ Pn+i in Q(Ai, A2), and we 
describe the corresponding Eloise move in G{Ai,A2)- We distinguish two cases 
depending on m. 

Case (i). If m e M^, then m is of the form: 

((cri,gi), (ct2,(?2), (0-3, ia))^ ((CTi^gi), ((0-2 ^cf)\D,q2))f} 

where ^2 e (52 (52,?/?), 
D = Dom{u2 W cr) \ K2^^('?2)j ^-nd 
o'(o'2(/3)) = C3(a), for a substitution tr 

Recall that cr3(a) is a letter. From the induction hypothesis we have that p„ xi 
p„, therefore p„ = ((cti, gi), (^2, 92), (^3, such that ((cti U 0-3) W 0-2) H 

((tJi U 0-3) tbi CT2). The corresponding move m in Q{Ax,A2) is: 

((CTi,qi), (0-2,92), (CT3,!a))j. ((CTi,gi), ((ct2 W 5-)|c, (72))a: 



where ct is a (possibly trivial) substitution such that (T(a2(/3)) — 03 (a). But we 
show that such a substitution exists and that the invariant (|Inv- n \ is maintained. 
Notice that CT2 (/?) is a variable iff 0-2 (/?) is a variable, and if so then CT2 (/?) = o'2 (/?) , 
since ^2 n cr2- Hence, we shall show that the invariant is maintained only when 
cr2(/?) and (72 (/3) are variables. We distinguish two cases according to the nature 
of a2(/3): 

— If (T2(/3) is a variable, say X2 6 ^2, (i-e. X2 ^ dom(a2)), then (T2(/3) = cr2(/3) = 
/3 = X2 . We must show that (a-il±){x2 (73(a) }ttl(T2) n (cti W {2:2 i-)' 0-3(0!) }W 
0-2)- Since we already know that (oi U 03) ttJ 02 x (oi U 0-3) W 02) then the 
claim follows from the following fact: 

Fact 5 Let a and a he two substitutions. If a n a, and x G dom{a) and 
z ^ dom{a), then a[z := x] K (7[z := x], where a[z := x] stands for the 
replacement of x by z in a. 

— If cr2(/?) is a letter, then a2{(3) = 0-3(0!). We distinguish two cases depending 
on 03(a): 

• If 03(0) G Sai U (and so 02 (/?)), then on the one hand, 0-3(0) = 
03(a), since 03 ix 03, and on the other hand, 02 (/3) = 02(/3) since 02 x 
02. Therefore 03(a) = o-2(/3), and we are done. 

• If 03(a) S \ {Sai U Sa2)j then a must be a variable, say xi ^ Xi. In 
this case /3 is also a variable, say a;2 £ X2, since 02(/3) = 03(a). Notice 
that, on the one hand, {xi 1— >■ 03(a), X2 1— >■ 03(a)} appears in the position 
p„, i.e. {xi a3{a),X2 ^ o'3(a)} C cri U (72 U 0-3. On the other hand,
{xi n- (73(a), X2 H> CT2(/3)} also appears in p„, i.e. 

{xi H- ?• a2{a),X2 I— >■ a3(/3)} C f7iU(72Uf73. Therefore (T2(a) = 5-3 (/3), since 
(ai U 0-2 U CT3) X ((Ti U (72 U CT3). 

Case ('iij. If m S M^^, then in this case this move is of the form 

((cri,Qi), (0-2,92), (0-3, (((c^i Wct)|£,i,'7i),((o-2 W 7)|D2 > '72))a 

where (73 G (52(g2, !/?), 
£>! = Dom{ai W (7) \ K]^^((7i), 
i?2 = ^om(a2W7)\«:^i(<Z^), 
o'(o'3(a)) = 7(f^2(^)), and 
7 : Via^m ^ i:. 

From the induction hypothesis we have that p„ x p„, therefore 

Pn = ((^i,9i), (0-2,92), (^3, ?a))g such that (cti UCT3) l+l 03 x (c^i Ucts) Wcr2- The 

corresponding Eloise move in G{Ai,A2) is: 

((ct1,9i), (0-2,92), (0-3,?Q!))g (((0-1 ttlCT)|£,j,9i), ((0-2 W7)|D2,92))a 

where o-(o-3(a)) = 7(0-2 (;5)) 

and the (ground) substitution 7 : V{d'3{a)) Co by Eloise will be defined next, 
provided that the invariant (|Inv- n | ) is maintained. Notice that maintaining this 
invariant does make sense only when 0-3(0) or 0-2 (/3) is a variable. The choice of 
7 depends on 0-3(0). 

— If 0-3 (a) £ U 17^2 , then this case is straightforward. 

— If 0-3 (q?) € ^ \ i^Ai U ^^2), then o; must be a variable, say yi e We 
distinguish two cases depending on 0-2 (/3). 

• If 0-2 (/3) is a letter then in this case o-2(/3) = 0-3(0), and hence 7 = o- = 0. 
Thus we take 7 = ct = and we must show next 0-3(0) — o-2(/3). Notice 
that /3 must be a variable, say 1/2 €: X2- Since {yi i~> 0-3(0), y2 '-^ 02(/3)} 
(resp. {yi n> 0-3(0), ?/2 > o-2(/3)}) appears in the position p„ (resp. p„), 
and 0-3(0) = 02(/3) then 0-3(0) = 02 (^5), since p„ x p„. 

• If 0-2 (/3) is a variable, say j/2 G A'2, then CT2(/3) = 02(/3) = /3 = 2/2, since 
(72 X 0-2- In this case we have 7 — {y2 1— > 0-3(0)} and ct = 0. Thus we 
take 7 = {j/2 03(0)}. And the invariant dlnv- x D is maintained. 

— If CT3(o) is a variable, say xi G Xi, then 0-3(0) = 03(0) — a = xi. We 
distinguish two cases depending on the nature of o-2(/3). 

• If 0-2 (/5) is a letter then CT2(/3) is a letter as well since 0-2 x 172. In this 
case 7 = and a — {xi n> 0-2 (/?)}. Therefore we take 7 = and a = 
{xi ^ o-2(/3)}. 

• If 0-2 (/3) is a variable, say 7/2 G '-^2, then a2{f3) = 02(/3) = /? = 2/2 since 
(72 X 0-2. Assume that 7 = {2/2 ^ 2/o}, where yo G 17 is a letter. In this 
case we take 7 = {7/2 ^0}, where the choice of the letter yo G Co 
depends on j/q. 
* If J/0 G ^Ai U then we let j/o :— yo-

* If yo £ codom{(Ti \+)(J2) \ {^Ai U-S'^a) then there must exist a variable 
z & XiU X2 and a letter zo G Co such that (z yo) G W 0-2 and 
(z Zo) e (cti W a-2)- We let yo := zq- 

* Otherwise, i.e. yo is a fresh letter that does not appear in p„, then 
yo must be a fresh letter as well. Since 

|codom(ai tt)CT2)| < \Xi\ + \X2\ - K |Co \ (r^^ U 

then codom{(7i ttJ (72) C Co \ (^^1 U -S'^a)- Hence we take yo as an 
arbitrary element of the non empty set 

Co \ (^^1 U Z!a2 U codomid-i ttJ (12)) 

The proof of the direction "⇐" is dual w.r.t. the proof of the direction "⇒".
That is, it can be obtained by replacing Eloise by Abelard, and Abelard by
Eloise and keeping the same instantiation strategy and the definition of the
N -coherence. This ends the proof of the Proposition. □

D Appendix for Section 7

We extend CFVAs so that the transitions are labeled with arbitrary terms over a 
first-order signature, besides the communication symbols indeed. This extended 
model is called ECFVA. 

Let X he a, finite set of variables, S a set of function symbols. Let T{S, X) 
denote the set of terms built out of the symbols in S and the variables in X. We 
shall denote by T{E, X) the set {!, ?} x T{S, X), where {!, ?} n (r U A") = 0. 
If t £ T{S, X) then \t (resp. It) denotes sending (receiving) the message t. A 

matching problem of a term i by a term u, denoted by t ^ u, is solvable iff there 

is a substitution a such that a{t) — u. The set of solutions of i ^ m is denoted 
by t < u. 

The definition of ECFVAs follows. 

Definition 10. A ECFVA is a tuple A — {S, X ,Q,Qa,S, F, k.) where S is a 
denumerable set of functional symbols, X is a finite set of variables, Q is a finite 
set of states, Qo C Q is a set of initial states, S = Q x T{X!, X) — s> 2^ is a 
transition function, F (- Q is a set of accepting states, and k : X 2'^ is the 
refreshing function that associates to every variable the (possibly empty) set of 
states where it is refreshed. 

We define the mirror of a word cj — jli ■ jZ„ • ... as the word w — 7/1 • ^In ■ ■ ■ ■■ 
The definition of configuration and run for ECFVAs follows. 

Definition 11. Let A = {S, X ,Q,Qq,S, F, n) be a ECFVA. A configuration is 
a pair {q, M) where q Cz Q and M : X ^ S is a partial function. We define 
a transition relation over the configurations as follows: (gi,Mi) A (92,^^2), 
where u g T{S), iff there exist a term t G T{S^X), such that q2 G 5{qi,t),
and a substitution a = {Mi{t) <C u) so that M2 — {Mi tt) cr)|/), where D = 
dom{Mi tt) cr) \ ^"^(92)- ^ finite word u — U1U2 • ■ • u„ G T{S) is recognized 
hy A iff there exists a run {qq^Mq) ^ ((ji,Mi) ^ ... ^ {qn,Mn), such that 
Mq — 9, Qo € Qo and q„ G F. The set of words recognized by A is denoted by 



Definition 12. The asynchronous product ® ofn ECFVAs Ai — (Si, A^, Q^, Qq, Si, Fi, nf) 
zjfl an ECFVA: Ai®---®An = X ■, Q, Qo, F, k), where: 

• S — Ui=i,...,„X'i, 

• Q = Ql X ■ ■ ■ X Qn, 

• Qo ^ Qlx ■ ■ ■ X Q^,, F = Fi X ■ ■ ■ X F„, 

• 6 is defined by: q G S{p,t) iff for some i, 7ri(q) G di(TTi{p),t), and for all 

j i we have that -Kj (q) — TTj (p) , where tt^ denotes the projection along the 
i*'^ -component, and 

• K is defined by: p G k{x) iff for some i, TTi{p) G Ki{x). 

D.1 Undecidability of the S-simulation problem for ECFVAs

Theorem 6. The ^-simulation is undecidable for ECFVAs in which the labels 
are terms over a signature containing a unary symbol. 

We reduce the halting problem of 2 counter machines to the simulation prob- 
lem for ECFVAs. Let us consider a deterministic 2-counter machine M with set 
of states Q and such that go is the initial state and g/ the final one (from where 
no transition is possible). A configuration of the machine can be represented by 
a term g(s"(0), s'"(0)) where q is the state, and n (resp. m) the value of the first 
(resp. second) counter. The initial configuration of M is go(s*(0), s-* (0)) We en- 
code every transition / : q{u,v) q'{u',v') of the machine by a (deterministic) 
ECFVAs Ai as follows (we consider only the cases when the first counter is incre- 
mented, decremented or tested, the cases for the second counter are analogous): 

— {'1,q'} U {s, 0}, Xi is a finite set of variables, Qi = {p'^,pj,pf,pf,pf,pf} 
and the set of transitions Si (where u,v € Xi ) : 



Instruction I Set of transitions Si 



L{A). 



q{u,v) ^ q'{s{u),v) {pf 
q{s{u),v) q'{u,v) {pj' 
q{0,v) ^q'{u,v) {pO 




Pt,Pt >Pl,Pt ->P?} 

Pi, Pi ^ Pi, Pi ^Pl) 
4 4 !0 5 5 !i; 01 
Pi, Pi Pi, Pi ^Pl) 



* Up to variable renaming, we assume that Xi n Xj = 0, for all i 7^ j. 
Now we build a client automata Cm such that S = (5U{s, 0}, A" is a finite set
of variables, the set of states is Qm = {I, F, (P ,(?,(? I is the unique 
initial state and all states are accepting. 

The set of transitions of C is the union of the following ones (where u,v & X) : 

Initial sequence: {7 7", 7" 0°} 

For all q e Q: {c^ ^ c\ ^ c\ ^ c\ ^ c\ ^ C", & 0°} 

Final loop: {c^ 7^, 7^ F} 

The client automaton starts by sending the initial configuration of $M$, then she
simply sends back the configurations she receives till she receives $q_f$, the final
state of $M$. If this happens $C_M$ enters a loop by keeping on sending back $q_f$. Since
no transition from $q_f$ exists in $M$ there is no service automaton that can accept
the message $q_f$. Hence the 2-counter automaton halts iff $C_M$ cannot be simulated
by the asynchronous product of automata $A_I$.

E Further results on FVAs 

For convincing the reader, we present here further results which have not been 
presented in the core of the paper. 

We provide a fine comparison between FVAs and n-FVAs, then we define 
deterministic FVAs and study some of their properties. 

E.1 The n-FVAs and their expressiveness

To compare n-FVAs and FVAs, the definition of the relation of simulation and 
bisimulation for FVAs is needed. 

Definition 13. LetA\ = {S,Xi,Qi,qQ,Si,Fi,Ki) andA^. = {E,X2,Q2,qo,S2,F2, 
be two FVAs where Xi C] X2 = %. A simulation of A\ by A2 is a relation 

< C ((^ X Qi) X {( X Q2) such that 

— if < (172,92) and if q'l S 6i{qi,xi) for a variable xi G Xi, and 71 : 

V(cri(a;i)) E is a substitution and 

. 7l(CTi(,ri)) I . . r, / s 

^ ^ 

where D\ = dom{ai) \ Ki^{q[), then there exist a variable X2 S X2 and a 
transition q'2 £ ^2 (92, 2:2) and a substitution 72 : 'V(cr2(a;2)) — >■ S such that 
ai{xi) = a2{x2) and 

(a2,g2)^''"4"^" {(T2U{{x2,a)}^n,,q'2) 

^ V ' 

where {o'[,q[) < {a'2, 92) o-f^d D2 = dom{a2) \ K2^{q2)- 
— The cases when $A_1$ performs a transition labeled by a letter and $A_2$ replies
by a transition labeled by either a letter or a free variable are handled in the
usual way.

(0,gi)<(0,gg). 

- // ((Ti, gi) <! (0-2, 92) with qi e Fi then q2 £ F2. 

Lemma 6. The simulation relation $\preceq$ of FVAs enjoys the following properties:

1. it is a preorder, i.e. reflexive and transitive,

2. it implies language inclusion, i.e. if $A \preceq B$ then $L(A) \subseteq L(B)$, for two FVAs
$A$ and $B$, and

3. it is decidable.

Proof. Items 1 and 2 are immediate. For Item 3, the same technique used
in the proof that the S-simulation is decidable (Theorem 5) can be reused: there
is a finite set $C$ of letters such that there is a simulation where the variables are
instantiated from the infinite set $\Sigma$ iff there is a simulation where the variables
are instantiated from $C$. □

The relation of bisimulation for FVAs, denoted hereby $\approx$, can be defined in
the same fashion as the relation of simulation.

Although n-FVAs and FVAs recognize the same languages, n-FVAs are stronger
than (n − 1)-FVAs in the following sense:

Theorem 7. For every n > 2, there is an n-FVA $\mathcal{H}_n$ so that there is no n'-FVA
$\mathcal{H}_{n'}$ such that $\mathcal{H}_n$ and $\mathcal{H}_{n'}$ are bisimilar and n' < n.

Proof. Let T-Ln = X, Q, qq, 6, F, k) be the n-FVA depicted below and defined 

by 

(-f — , . . . , Xn } , 

Q ^ {q-i,qo, . . . ,g„} U {ql,i = l,...,n}U {qf,i = 1, . . . 
F^Q 

S = {q-i qo} ^ {qi qi+i,i = 0,...,n-l}Li{qi ''^ q^ ,i ^ 1, . . . ,n ~ 1}\J 

{ql \qf,i^2,...,n-l} 
dom{K) — 0, 

where b £ S. We show that there is no (n — 1)-FVA S„_i that Hn ~ Bn-i- To- 
wards a contradiction: assume the existence of such Bn-i = X' , Q' , Qg, 6' , F' , k'). 
There exist two substitutions (t„_i : X ^ S and cr^_i : X' ^ S, and a state 
q'n-i G Q' such that (cr„_i,g„_i) w i'^'n-i^ Qn-i)- Notice that dom{an-i) = 

{xi, . . . ,Xn-i}. We argue next that the transition qn-i ' >■' 9n-i,i of T-Ln 
can not be simulated by any transition of Bn-i outgoing from q'n_i. Each tran- 
sitions outgoing from q'^-i is labeled by a letter or an (n — l)-labels of variables 
(x'l, . . . , a;^_i). Notice that when there exist i,j such that if cr'(a:-) ^ a'{x'j), 
then one of the outgoing transitions from q'^-i is possible, but this transition 
must be matched by the transition qn-i qn in H„. And the ^-transition of
Bn-i can not be matched by any transition in 7^„ since there is no outgoing 
transition from qn. 




□ 



E.2 Deterministic FVAs. 

We define deterministic FVAs, (DFVAs, for short) in terms of runs. Then we 
give a syntactic characterization of them. 

Definition 14. A FVA $A$ is deterministic if for every word $w \in \Sigma^*$ there exists
at most one run of $A$ on $w$.

Theorem 8. Let $A$ be a FVA. Then $A$ is not deterministic iff there exists an
accessible state $q$ with two outgoing transitions satisfying one of the conditions:

1. the transitions are labeled with the same letter;

2. one of the transitions is labeled by a variable.

It is clear that the above conditions are sufficient and necessary. 

Proposition 2. There is a FVA $A$ such that no DFVA $\mathcal{D}$ satisfies $L(A) = L(\mathcal{D})$.

Proof. Let $a, b$ be two letters in $\Sigma$, and let $\mathcal{L} = \{z \mid z \in \Sigma\} \cup \{ab\}$. Indeed the
language $\mathcal{L}$ is FVA-recognizable. Towards a contradiction: assume the existence
of a DFVA $\mathcal{D}$ such that $L(\mathcal{D}) = \mathcal{L}$. Let $q_0$ be the initial state of $\mathcal{D}$. By following
the syntactic characterization of DFVAs given in Theorem 8 we have that either
(i.) all the transitions outgoing from $q_0$ are labeled with letters, and in this case
the language $\{z \mid z \in \Sigma\}$ can not be recognized by $\mathcal{D}$ since $\Sigma$ is infinite, which
is a contradiction, or (ii.) there is only one transition outgoing from $q_0$ and
labeled with a variable. Let $q_0 \to q_1$ be such transition. In this case, there must
be a transition $q_1 \to q_f$ in $\mathcal{D}$ where $q_f$ is a final state. This means that the set
of words $az$, where $z \in \Sigma$ is recognized by $\mathcal{D}$. This is a contradiction. □

Corollary 1. Deciding if a FVA is deterministic is NL-Complete. 
Proof. The upper bound follows from the fact that we can guess a condition and
check whether it is violated. On the other hand, NL is closed under complemen- 
tation. The lower bound follows from a standard reduction from the reachability 
for digraphs. □ 

Proposition 3. For DFVAs, the membership and the universality problems are 
in PTIME. 

Proof. We only discuss the complexity of the universality since the membership
problem is straightforward. Let $A$ be a DFVA. Recall that to check whether $A$ is
universal we first construct an equivalent FVA $A'$ in which all the transitions are
labeled with free variables, see the proof of Theorem 3. To construct $A'$ one may
first eliminate all the transitions of $A$ labeled with letters. This yields a DFVA
$A''$ whose structure is a tail-cycle in which all the transitions are labeled with
variables. Hence, the universality of $A''$ can be checked in polynomial time. □

Proposition 4. The containment problem $L(A) \subseteq L(\mathcal{D})$ for two FVAs $A$ and
$\mathcal{D}$ where $\mathcal{D}$ is deterministic, is decidable.

Proof. We shall show that $L(A) \subseteq L(\mathcal{D})$ iff $\mathcal{D}$ simulates $A$. The direction (⇒)
has been proven in item 2 of Lemma 6. The direction (⇐) follows from the fact
that every accepting run by $A$ over a word $w \in \Sigma^*$ can be simulated by a unique
run by $\mathcal{D}$ over $w$.